Posted
by
timothy
on Saturday August 10, 2013 @07:28AM
from the type-one-and-type-two-errors dept.

An anonymous reader writes "Website blocking has become a hot topic in the UK in recent weeks. Opponents of both voluntary and court-ordered blockades have warned about the potential collateral damage these blocking systems may cause, and they have now been proven right. As it turns out blocked sites can easily exploit the system and add new IP-addresses to Sky's blocklist. As a result TorrentFreak has been rendered inaccessible to the ISP's four million customers."

there were people/corporations/governments that though the holocaust was a good idea./godwin, but to prove a point that every bad anti-social oppressive idea does actually work for some people, the people in charge at the expence of everyone else.

Um, hello? It's called "Let's not only block the thing we're against, let's block any mention of that thing as well". Sort of like what the Russian government seems to be trying to do the LGBT community there.

So, far from being "collateral damage", this means the (censorship) system is working just as intended.

you didn't read the article did you?It was actually a bit of clever manipulation by a torrent site who discovered sky was automatically blocking other ip addresses the torrent site was listing as alternate site addresses. So they performed a little experiment listed the torrent freak site as a mirror and sky automatically put a block on that ip address. Thus demonstrating how Sky's automatic blocking is flawed and fairly useless.

Its a bit more complicated than that but summing up Sky thought they could automate whack a mole and instead managed to give control over blocking to the sites they want to block.

Torrent freak were informed and agreed to be a target before hand. I think facebook was also targeted but with little to no effect due to the number of addresses assigned to facebook its believed.

They also tried to block Facebook but it didn't work, probably because of the large range of IP addresses involved. It's a shame they gave up so easily, taking down a high profile site would have been exactly the kind of public shaming we need to make people see how stupid the whole idea is.

If you bothered to RTFA*, you'd realise why you're wrong: the censorship is supposed to apply to an unrelated site, called EZTV, and has nothing to do with TorrentFreak. The owner of the blocked domain started adding the IP addresses of other, unrelated sites and at least one ISP started blocking access to those unrelated sites. With a solution as poorly implemented as this, it means a blocked site owner with an axe to grind could start blocking access to legitimate sites with very little effort.

This is to be expected of what I've come to call the "Corporate Internet".

Governments and corporations have inherited our tubes, and I think that by now they're pretty confident that it's going to be acceptable for them to control and limit the content that ordinary people have access to.

It's been like this for a while now; once you learn the ropes and (more importantly) learn to obey all the rules, you'll fit right in!

Well, the USArmy and Universities put together the original internet, and Cern designed the web on top of it. Corporations, except for universities and a few other non-profits, were late-comers to the party.

OTOH, the original internet was specifically designed to avoid centralized routing. Basically, when power grabbers took over ICANN and were blessed by the US govt. the writing was on the wall. You shouldn't be surprised by anything that has happened since then...well, actually the existence of torrent

> Ahab ultimately dooms the crew of the Pequod (save for Ishmael) to death by his obsession with Moby Dick. During the final chase, Ahab hurls his last harpoon while yelling his now-famous revenge line:

"to the last I grapple with thee; from hell's heart I stab at thee; for hate's sake I spit my last breath at thee."

Kahn was quoting Melville; Kirk was his whale. And Star Trek is more known to most slashdotters than Melville.

If anything, I'm surprised that a person who watched Wrath of Khan or First Contact wouldn't recognize the quotes and parallels immediately. Even if your native language is not English and you weren't forced to read these classics, this is classic literature that's pretty hard to ignore. If anything I'd say that next to Shakespeare's work, Melville's right up there as "most quoted classical author in sci-fi".

If the blocks are applied to any IP address pointed to by a blocked site, maybe as a demonstration a blocked site should add the IP addresses of all of the major UK political parties, BBC iPlayer, Youtube, Netflix, lovefilm etc. If mainstream media sites get (automatically) blocked then perhaps the backlash might force TPTB into either removing the requirement to block or require the ISPs to use a blocking mechanism with less potential for collateral damage.

If they were aiming for truly evil exploitation of automated blocking, they wouldn't block any of those. They'd get the DVLA tax disc renewal site blocked instead and, given the automatic fines now, you'd easily upset a twelfth of Sky's userbase who'd need to switch back to manual methods. Alternatively, you'd aim to block HMRC in late January and block the rare people doing tax-returns at the last minute...

My post certainly wasn't meant to recommend that it should be attempted! It was intended to reply to the OP's comment that:

If mainstream media sites get (automatically) blocked then perhaps the backlash might force TPTB into either removing the requirement to block or require the ISPs to use a blocking mechanism with less potential for collateral damage.

Blocking "mainstream media sites" would upset journalists more and get far more publicity. TPTB probably care more about their own sites being available a

When you do malicious things to Sky's customers, wouldn't it make you just as or perhaps even more oppressive than the people already controlling their content?

Depends on what happens.

If it merely means the site is unreachable, then well, not much (sites go down all the time). If it means you get a scary looking page that says "you've access a site hosting illegal materials" then conversations get started.

Blocking big sites that can do this can generate some buzz, and the worst part is, you can't really tel

I have the technical knowledge to run my own DNS server.I do not have enough knowledge to do the following:Make a DNS server for a single PC. It shoudl possibly be doing the following:1) Work like a standard DNS server (e.g. start looking at root for SOA, then go down to find the A record for a site)2) Stabndard caching of 2 days for IP addresses, perhaps longer for TLDs3) Override DHCP settings4) Make it easy to install (double click should be enough)

But:1. What if the block filter is also blocking the IP address?2. What if the block filter is scanning the HTTP 1.1 request header that will contain the line 'host: <blocked-domain>' ?

for your concept, I believe it's quite simple to configure a linux distro to be a DHCP server for your network that also does DNS and performs it's own querying of the DNS root servers, so your concept is totally doable technically, i'm just not sure how it well it would work in reality...

But the provider could trivially intercept and spoof DNS requests. Your plan needs three revisions:1. Support DNSSEC.2. Scratch the two-day cache, make it respect the TTL field as normal.3. Except that in the event of no-domain or fail to receive a response to a query, return the last valid signed record regardless of TTL.

So what you end up with is a perfectly ordinary DNSSEC-complient DNS server, except that of a provider tries to block a domain this will keep on working regardless, at least until the host

Just install DD-WRT on your router and activate DNSMasq. You can configure specific hosts for your LAN as well as parameters such as cache duration. The local DNS cache will probably speed things up for you as well.

If the blocks are applied to any IP address pointed to by a blocked site, maybe as a demonstration a blocked site should add the IP addresses of all of the major UK political parties, BBC iPlayer, Youtube, Netflix, lovefilm etc. If mainstream media sites get (automatically) blocked then perhaps the backlash might force TPTB into either removing the requirement to block or require the ISPs to use a blocking mechanism with less potential for collateral damage.

I'm a Sky user in the UK, and I am here to post the text of the article:

"Website blocking has become a hot topic in the UK in recent weeks. Opponents of both voluntary and court-ordered blockades have warned about the potential collateral damage these blocking systems may cause, and they have now been proven right. As it turns out blocked sites can easily exploit the system and add new IP-addresses to Sky’s blocklist. As a result TorrentFreak has been rendered inaccessible to the ISP’s four million customers.

stop-blockedFollowing a High Court ruling last month, six UK ISPs are required to block subscriber access to the popular TV-torrent site EZTV.it.

The actions EZTV faces are not the first taken against a torrent site in the UK. The Pirate Bay, KickassTorrents and several other “pirate” sites have been blocked by previous court orders and remain inaccessible by conventional means.

However, over the past couple of days Sky subscribers noticed that the blocklist had been quietly expanded with a new site that’s certainly not covered by any court order – TorrentFreak.com.

Our site first became inaccessible on Wednesday night, only to be unblocked 14 hours later. However, about an hour ago it was again added to the blocklist.

The recent blocking spree is causing confusion among Sky subscribers who have no idea why TorrentFreak is longer accessible. However, we can confirm that the problem lies with Sky’s filtering software that is supposed to enforce the court-ordered torrent site blockades.

The owner of EZTV informed TorrentFreak that he used Geo DNS to point UK visitors to TorrentFreak’s IP-address. Soon after there were reports that our website had become inaccessible to Sky users."

It's not a site that gives you torrents. It's a site that gives you news. And once we block information, the slippery slope just gets lubed a bit more.

Making information and getting it illegal is and was the hallmark of any and every dictatorship in history, from fascism to communism. Part of that right to speak is the right to listen, without, it's pointless. By that logic, even the Soviet Union had a freedom of speech, as long as you were alone and nobody would listen in. It just was not allowed to say an

So CAN WE PLEASE HAVE A BLOCK ON the SUN Newspapers Website and FOX news -

That would at least be some positive achievement out of this shambles

I live in the UK and I see a totally inept, totally technophobic government try to work the 21st century with 19th century tools and mentality.We have 2 little rich boys trying to run a country that is in a shambles because they don't understand anything - basically.Oh and to keep the balance - the other

There are a variety of solutions to these problems.using alternative DNS is one but this does not work in the case that IP addresses are blocked. Proxies may also work but in the end these are reliant on no blocks existing on the proxies network.Even then how long before proxies are blocked ?TOR seems like a good idea but in reality its a bit slow and thus you couldn't just route all your traffic through it.
What is the long term solution to this?

Does anyone have any long term predictions or ideas about how we might work around this in a way that performs well and is more future proof?

FYI. EZTV is also blocked with BT infinity. And my VM at Bytemark cannot access either

my fear is that what happens when Microsoft or apple start putting pressure on the government to block things like cyanogen or the Linux kernel?

And now you know the real reason for this bullshit. Censorship was never to protect the children. Children don't give money to politicians, corporations do. It's always been about perceived copyright violation by "Big Media." All hail our bought and paid-for ruling class. Follow the money.

So very true! The masses in the UK will suddenly acquire the necessary means to get around the filters. The word proxy will become a household word, just like it has become in school that filter the internet.

Don't, whatever you do, opt out. Your name will be added to the UK Pervert Database and the next time some poor soul is raped and murdered in your area the police will be rounding up anyone who opted out of the "pornography" and "weapons and violence" categories.

If you opt out of the "suicide and self-harm" filter you can expect a visit from an NHS mental healthcare professional. Seriously, I asked my MP about the filtering and told her not to use the example of saving a single life because it was flawed, s

TorrentFreak (which, as a Virgin Media customer, I can apparently still access without jumping through hoops) appears to be more of a blog / news site these days. From the front page, it's not even obvious that they link to illegal torrents (do they?). They do list this in their about page:

TorrentFreak was featured on mainstream news outlets such as CNN, The Wall Street Journal, New York Times the BBC, the Guardian and the LA Times.

150,000+ RSS subscribers

Top 50 Techmeme leaderboard

Top 100 blogs on Technorati

Which makes it seem like they are not a sensible thing to block. I've not visited the site for a great many years, but if you only object to the sites that you use being blocked then it's very easy for censors to creep

Editing the hosts file on Windows also tends to result in antivirus software triggering. Understandable: Very few users these days have reason to edit the hosts file, but it's a very common target for malware (Redirect banking sites to pick up passwords, or redirect ad banner servers to those operated by the malware authors) so any editing of the file will be flagged as suspicious. A few times I've had Windows itsself revert the file to default automatically, but that was under Vista - I don't know if 7 doe